
Privileges in a Linux or Unix environment

For Linux and Unix environments, Snow Inventory Oracle Scanner can be run with one of two privilege options: full privileges, or privileges assigned according to the principle of least privileges.

Full privileges

The Snow Inventory Agent must be run as root.

Principle of least privileges

A user with sudo rights to the operating system commands outlined in the table below is required. The NOPASSWD option needs to be set in the sudoers file.

An Oracle database user is required for each database to be inventoried, and needs to be defined in the agent configuration file, snowagent.config. Either the same user is used for all databases and configured using the DefaultInstanceCredentials element, or a unique user is configured per instance using the InstancesWithConfiguration element.

To run Snow Inventory Oracle Scanner with operating-system authentication instead of authenticating by means of a dedicated Oracle-database user for each database instance, the local user that runs the scanner must be a member of the dba group.

Example from sudoers file for Solaris:

User snow has the rights to execute the commands with sudo and no password:

##
## User privilege specification
##
root ALL=(ALL) ALL
snow ALL=NOPASSWD: /usr/bin/pwdx
snow ALL=NOPASSWD: /usr/bin/pargs -e [0-9]*

Example from sudoers file for Linux:

User snow has the rights to execute the commands with sudo and no password:

##
## User privilege specification
##
root ALL=(ALL) ALL
snow ALL=NOPASSWD: /usr/bin/ls
snow ALL=NOPASSWD: /usr/bin/ls -l /proc/[0-9]*/cwd
snow ALL=NOPASSWD: /usr/bin/ps ewww [0-9]*

The following commands are used for determining OracleHome and the location of running processes.

Operating system    Command
Solaris             pargs
                    pwdx
AIX and Linux       ls
                    ls -l /proc/[0-9]*/cwd
                    ps ewww [0-9]*
HP-UX               pfiles
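
As an added example (not Snow's code and not part of the original page), the following Python script audits a sudoers fragment for the scanner user against the command table above: it reports, per rule, whether the command is one the table lists for that operating system, whether NOPASSWD is set, and how tightly the arguments are constrained. The names `audit`, `DOCUMENTED`, `RULE` and `SAMPLE` are chosen here; `SAMPLE` is the page's Linux example plus one constructed final line, and the parser assumes one command per rule, as in the examples on this page.

```python
import re

# Commands the page's table lists per operating system.
DOCUMENTED = {"solaris": {"pargs", "pwdx"}, "aix": {"ls", "ps"},
              "linux": {"ls", "ps"}, "hp-ux": {"pfiles"}}

# Page's Linux example; the last line is constructed to show rule drift.
SAMPLE = """\
root ALL=(ALL) ALL
snow ALL=NOPASSWD: /usr/bin/ls
snow ALL=NOPASSWD: /usr/bin/ls -l /proc/[0-9]*/cwd
snow ALL=NOPASSWD: /usr/bin/ps ewww [0-9]*
snow ALL=(ALL) ALL
"""

# user host = [(runas)] [TAG: ...] command [args]; one command per rule.
RULE = re.compile(
    r"^(?P<user>[^\s#]+)\s+(?P<host>[^\s=]+)\s*=\s*(?:\([^)]*\)\s*)?"
    r"(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmd>\S+)\s*(?P<args>.*)$")


def audit(sudoers_text, user, os_name):
    """Return one finding per rule granted to `user` in a sudoers fragment."""
    findings = []
    for line in sudoers_text.splitlines():
        m = RULE.match(line.strip())
        if not m or m["user"] != user:
            continue
        args = m["args"].strip()
        if not args:
            scope = "any-args"       # no arguments listed: sudo accepts any
        elif re.search(r"[*?\[]", args):
            scope = "wildcard-args"  # sudoers wildcards can match across spaces
        else:
            scope = "exact-args"
        name = m["cmd"].rsplit("/", 1)[-1]
        findings.append({
            "command": m["cmd"], "args": args, "scope": scope,
            "nopasswd": "NOPASSWD:" in m["tags"],
            "documented": name in DOCUMENTED[os_name],
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE, "snow", "linux"):
        print(f)
```

Rules reported with `documented` false or with scope `any-args` grant more than the table requires and are the ones to review first.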